As the popularity of the Internet has grown, the proliferation of computer malware has become more common. A typical computer malware is a program or piece of code that is loaded onto a computer and/or performs some undesired actions on a computer without the knowledge or consent of the computer operator. The most widespread, well-known and dangerous type of computer malware are computer viruses, that is, programs or pieces of code that replicate themselves and load themselves onto other connected computers. Once the virus has been loaded onto the computer, it is activated and may proliferate further and/or damage the computer or other computers.
Along with the proliferation of computer viruses and other malware has come a proliferation of software to detect and remove such viruses and other malware. This software is generically known as anti-virus software or programs. In order to detect a virus or other malicious program, an anti-virus program typically scans files stored on disk in a computer system and/or data that is being transferred or downloaded to a computer system and compares the data being scanned with profiles that identify various kinds of malware. The anti-virus program may then take corrective action, such as notifying a user or administrator of the computer system of the virus, isolating the file or data, deleting the file or data, etc.
Currently, there are dozens of different anti-virus programs and over 60,000 different computer viruses and other malware programs in existence. This proliferation of computer malwares and anti-virus programs causes a problem. Often, different anti-virus programs call the same virus different names, so that given just the name of the virus, as reported by the anti-virus program, it is difficult to know which virus is actually present. For example, a particular mass-mailing virus that achieved significant proliferation was called “Kournikova”, “VBS/SST”, “SBS/VBSWG.J”, “Kalamar”, and a number of other names by different anti-virus programs. These multiple names present a significant problem for users of anti-virus programs, as well as for technical support operators who deal with the users.
An additional problem arises in that different anti-virus programs may call different computer malwares the same name. In this situation, providing just the name of a virus is not sufficient. Virus descriptions must be compared to determine which virus is which. These virus descriptions may not be available in a central location, requiring searching of many different information sources to obtain the necessary information.
A need arises for a technique by which multiple names of a given virus can be determined in a quick and automated fashion.